Lucene search
K

5 matches found

Nuclei
Nuclei
added 2026/06/28 3:8 p.m.18 views

dotCMS Core Publish Audit API - Unauthenticated SQL Injection

dotCMS Core 25.11.04-1 through 26.04.28-02 contains an SQL injection caused by unsanitized input in Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll, letting remote unauthenticated attackers read, modify, or destroy arbitrary database content, exploit requires ...

10CVSS6AI score0.01584EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/06/27 12:0 a.m.20 views

VulnCheck KEV: CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS6.1AI score0.01584EPSS
In wildExploits1References2
Cvelist
Cvelist
added 2026/05/27 7:55 a.m.32 views

CVE-2026-8054 Unauthenticated SQL Injection in dotCMS Publish Audit API

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

10CVSS0.01584EPSS
Exploits1References2
CVE
CVE
added 2026/05/27 7:55 a.m.42 views

CVE-2026-8054

DotCMS Core versions 25.11.04-1 through 26.04.28-02 are affected by an SQL injection in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll. The vulnerability stems from unsanitized input used in dynamically constructed SQL, allowing remote unauthenticated att...

10CVSS6.1AI score0.01584EPSS
In wildExploits1References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

DotCMS 安全漏洞

DotCMS is an open-source content management system written in Java, developed by DotCMS Inc. It is used to manage content and content-driven websites and applications. There are security vulnerabilities in the DotCMS Core version 25.11.04-1 to 26.04.28-02. These vulnerabilities stem from the...

10CVSS5.8AI score0.01584EPSS
Exploits1References2
Rows per page
Query Builder